Centos 7 installation - xcauth cli working - but Nextcloud won't login chat

[deusoz]

Hi, I'm running on a budget OpenVZ instance GNU kernel 2.6 with miminal Centos 7.
Nextcloud 16 with Ejabberd 18
Centos 7 comes with python 2.7 preinstalled.

I installed python 3 according to https://linuxize.com/post/how-to-install-python-3-on-centos-7/
Installed Berkeley Database so that python- bsddb3 module could be installed.
http://www.linuxfromscratch.org/blfs/view/svn/server/db.html

All done and so I was able to install from source the latest version of xcauth
sudo git clone https://github.com/jsxc/xmpp-cloud-auth

Revised Makefile, here is the diff ouput

7d6
< PYTHONEPREFIX   = /opt/rh/rh-python36/root/usr
9c8
< LIBDIR		= ${PYTHONPREFIX}/lib/python3.6/site-packages/${LIBNAME}
---
> LIBDIR		= ${PREFIX}/lib/python3/dist-packages/${LIBNAME}
11c10
< MODDIR		= ${PREFIX}/lib64/prosody/modules/${MODULE}
---
> MODDIR		= ${PREFIX}/lib/prosody/modules/${MODULE}
19c18
< JABDIR		= /opt/ejabberd
---
> JABDIR		= ${ETCDIR}/ejabberd
91c90
< 	  useradd --system --user-group -d ${DBDIR} --comment "XMPP Cloud Authentication" ${CUSER}; \
---
> 	  adduser --system --group --home ${DBDIR} --gecos "XMPP Cloud Authentication" ${CUSER}; \
96,101c95,100
< 	# if [ `groups prosody 2> /dev/null | grep -v xcauth | wc -l` -gt 0 ]; then \
< 	#   adduser prosody xcauth; \
< 	# fi
< 	# if [ `groups ejabberd 2> /dev/null | grep -v xcauth | wc -l` -gt 0 ]; then \
< 	#   adduser ejabberd xcauth; \
< 	# fi
---
> 	if [ `groups prosody 2> /dev/null | grep -v xcauth | wc -l` -gt 0 ]; then \
> 	  adduser prosody xcauth; \
> 	fi
> 	if [ `groups ejabberd 2> /dev/null | grep -v xcauth | wc -l` -gt 0 ]; then \
> 	  adduser ejabberd xcauth; \
> 	fi

140c139
< 	python -m compileall ${DESTDIR}${LIBDIR}
---
> 	python3 -m compileall ${DESTDIR}${LIBDIR}

_BTW After the build and failed tests, I manually added user ejabberd to group xcauth and vice versa to see if that was my issue, this command that I commented out above perplexes me "adduser ejabberd xcauth;" I just get the "--help" screen when I try that command on my Centos server _

Here is my xcauth.conf

type=ejabberd
secret=[my secret is correctly here]
url=https://aho.we1.cloud/index.php/apps/ojsxc/ajax/externalApi.php
db=/var/lib/xcauth/xcauth.sqlite3
log=/var/log/xcauth
debug

ejabberd.yml
`

language: "en"
hosts:
  - "aho.we1.cloud"

auth_method: external
extauth_program: "/opt/xmpp-cloud-auth/xcauth.py"
auth_use_cache: false    

loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100

certfiles:
  - "/opt/ejabberd-18.12.1/conf/server.pem"
  - "/opt/ejabberd/conf/fullchain.pem"
  - "/opt/ejabberd/conf/privkey.pem"

ca_file: "/opt/ejabberd-18.12.1/conf/cacert.pem"

listen:
  -
    port: 5222
    ip: "0.0.0.0"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
  -
    port: 5269
    ip: "0.0.0.0"
    module: ejabberd_s2s_in
    max_stanza_size: 524288
  -
    port: 5443
    ip: "0.0.0.0"
    module: ejabberd_http
    tls: true 
    request_handlers:
      "/admin": ejabberd_web_admin
      "/api": mod_http_api
      "/upload": mod_http_upload
      "/ws": ejabberd_http_ws
      "/oauth": ejabberd_oauth
      "/bosh": mod_bosh
      "/captcha": ejabberd_captcha

s2s_use_starttls: optional 

outgoing_s2s_families:
  - ipv4
outgoing_s2s_timeout: 10000

acl:
  local:
    user_regexp: ""
  loopback:
    ip:
      - "127.0.0.0/8"
      - "::1/128"
      - "::FFFF:127.0.0.1/128"
  admin:
    user:
      - "db5d@aho.we1.cloud"

access_rules:
  local:
    - allow: local
  c2s:
    - deny: blocked
    - allow
  announce:
    - allow: admin
  configure:
    - allow: admin
  muc_create:
    - allow: local
  pubsub_createnode:
    - allow: local
  register:
    - allow
  trusted_network:
    - allow: loopback

api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  "admin access":
    who:
      - access:
          - allow:
            - acl: loopback
            - acl: admin
      - oauth:
        - scope: "ejabberd:admin"
        - access:
          - allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    who:
      - ip: "127.0.0.1/8"
    what:
      - "status"
      - "connected_users_number"

shaper:
  normal: 1000
  fast: 50000

shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    - 5000: admin
    - 100
  c2s_shaper:
    - none: admin
    - normal
  s2s_shaper: fast

max_fsm_queue: 10000

acme:
   contact: "mailto:admin@db5d.net"
   ca_url: "https://acme-v01.api.letsencrypt.org"

modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  mod_disco: {}
  mod_fail2ban: {}
  mod_http_api: {}
  mod_http_upload:
    put_url: "https://@HOST@:5443/upload"
  mod_last: {}

  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    default_room_options:
      allow_subscription: true  # enable MucSub
      ## mam: true
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    plugins:
      - "flat"
      - "pep"
    force_node_config:
      "eu.siacs.conversations.axolotl.*":
        access_model: whitelist
      "storage:bookmarks":
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    ip_access: trusted_network
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_vcard: {}
  mod_vcard_xupdate: {}
  mod_version:
    show_os: false

systemctl status ejabberd :

● ejabberd.service - XMPP Server
   Loaded: loaded (/etc/systemd/system/ejabberd.service; enabled; vendor preset: disabled)
   Active: active (running) since mié 2019-07-24 12:41:20 UTC; 1h 13min ago
  Process: 20625 ExecStop=/bin/sh -c /opt/ejabberd-18.12.1/bin/ejabberdctl stop && /opt/ejabberd-18.12.1/bin/ejabberdctl stopped (code=exited, status=0/SUCCESS)
  Process: 20773 ExecStart=/bin/sh -c /opt/ejabberd-18.12.1/bin/ejabberdctl start && /opt/ejabberd-18.12.1/bin/ejabberdctl started (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/ejabberd.service
           ├─16987 /opt/rh/rh-python36/root/bin/python3 -tt /opt/xmpp-cloud-auth/xcauth.py
           ├─16988 erl_child_setup 65536
           ├─20801 /opt/ejabberd-18.12.1/bin/epmd -daemon
           ├─20803 /opt/ejabberd-18.12.1/bin/beam.smp -K true -P 250000 -- -root /opt/ejabberd-18.12.1 -progname /opt/ejabberd-18.12.1/bin/erl -- -home /opt/ejabberd...
           ├─20812 erl_child_setup 65536
           └─20862 /opt/ejabberd-18.12.1/lib/os_mon-2.4.6/priv/bin/memsup

jul 24 12:41:17 aho systemd[1]: Starting XMPP Server...
jul 24 12:41:20 aho systemd[1]: Started XMPP Server.

OK so, let's test this baby...

command line, wow! it seems to work... it seems to affirm that user db5d has a matching pw.

sudo ./xcauth.py -A db5d aho.we1.cloud mypassword
2019-07-24 14:11:51,519 DEBUG: Start external auth script 2.0.3+ for ejabberd with endpoint: https://aho.we1.cloud/index.php/apps/ojsxc/ajax/externalApi.php
2019-07-24 14:11:51,520 DEBUG: Opening database connections main=/var/lib/xcauth/xcauth.sqlite3, cache=none
2019-07-24 14:11:51,522 DEBUG: Not a token (len: 5 != 23)
2019-07-24 14:11:51,530 DEBUG: Starting new HTTPS connection (1): aho.we1.cloud:443
2019-07-24 14:11:51,894 DEBUG: https://aho.we1.cloud:443 "POST /index.php/apps/ojsxc/ajax/externalApi.php HTTP/1.1" 200 42
2019-07-24 14:11:51,898 INFO: SUCCESS: Cloud says password for db5d@aho.we1.cloud is valid
True

But when I try via Nextcloud... does not work.

I'm not getting any log entries in my /var/log/xcauth/ folder which has permissions shown below. I tried changing owner to root, apache and xcauth, but still no logs appear.

drw-rw-r-x  2 xcauth xcauth 4096 jul 23 18:16 .
drwxr-xr-x 11 root   root   4096 jul 23 18:16 ..

Here are bosh stanzas after failed login attempt.

file: 'settings'

{"JSON":{"result":"success","data":{"serverType":"external","loginForm":{"enable":true,"startMinimized":false},"screenMediaExtension":{"firefox":"","chrome":""},"xmpp":{"url":"/bosh","domain":"aho.we1.cloud","resource":"","overwrite":true,"onlogin":null},"adminSettings":{"xmppDomain":"aho.we1.cloud"}}},"Response payload":{"EDITOR_CONFIG":{"text":"{\"result\":\"success\",\"data\":{\"serverType\":\"external\",\"loginForm\":{\"enable\":true,\"startMinimized\":false},\"screenMediaExtension\":{\"firefox\":\"\",\"chrome\":\"\"},\"xmpp\":{\"url\":\"\\/bosh\",\"domain\":\"aho.we1.cloud\",\"resource\":\"\",\"overwrite\":true,\"onlogin\":null},\"adminSettings\":{\"xmppDomain\":\"aho.we1.cloud\"}}}","mode":"application/json"}}}

bosh (1 of 2)
<body xmpp:version='1.0' authid='3432347219603930566' xmlns='http://jabber.org/protocol/httpbind' sid='fdd10f2e385854cb2150730e7fb4fc8a7d130348' wait='60' ver='1.11' polling='2' inactivity='30' hold='1' xmpp:restartlogic='true' requests='2' secure='true' maxpause='120' xmlns:xmpp='urn:xmpp:xbosh' xmlns:stream='http://etherx.jabber.org/streams' from='aho.we1.cloud'><stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms><register xmlns='http://jabber.org/features/iq-register'/></stream:features></body>

bosh (2 of 2)

<body xmlns='http://jabber.org/protocol/httpbind'><failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text xml:lang='en'>Invalid username or password</text></failure></body>

And so it says I have invalid user name or password, yet am using correct un/pw.

Thank you for you time in helping troubleshoot this!

[deusoz]

Maybe only has to do with permissions somewhere?

[deusoz]

BTW, here's what appears in console.log after failed login via NC

[WARN] Unable to create user prefix 5 jsxc.min.js:184:18
Try to relogin jsxc.min.js:184:18
null 2 jsxc.min.js:184:18
Logout was forced or I found no valid jid jsxc.min.js:184:18
[WARN] Unable to create user prefix

XHRPOSThttps://aho.we1.cloud/index.php/apps/ojsxc/settings
[HTTP/2.0 200 OK 355ms]

State changed to ESTABLISHING jsxc.min.js:184:18
New connection jsxc.min.js:184:18
CONNECTING: null jsxc.min.js:184:18
XHRPOSThttps://aho.we1.cloud/bosh
[HTTP/2.0 200 OK 332ms]

XHRPOSThttps://aho.we1.cloud/bosh
[HTTP/2.0 200 OK 2811ms]

AUTHFAIL: null

[sualko]

Do you have any errors in your ejabberd or sys log? Apparmor installed?

[deusoz]

ejabberd error.log entries:

2019-07-25 09:03:18.786 [error] <0.13210.7>@extauth:handle_info:153 External authentication program '/opt/xmpp-cloud-auth/xcauth.py' has terminated unexpectedly (pid=20136), restarting via supervisor...
2019-07-25 09:03:18.786 [error] <0.13199.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_3' started with extauth:start_link('extauth_pool_aho.we1.cloud_3', "/opt/xmpp-cloud-auth/xcauth.py") at <0.13210.7> exit with reason normal in context child_terminated
2019-07-25 09:03:18.792 [error] <0.13216.7>@extauth:handle_info:149 Failed to start external authentication program '/opt/xmpp-cloud-auth/xcauth.py'
2019-07-25 09:03:18.793 [error] <0.13199.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_2' started with extauth:start_link('extauth_pool_aho.we1.cloud_2', "/opt/xmpp-cloud-auth/xcauth.py") at <0.13216.7> exit with reason normal in context child_terminated
2019-07-25 09:03:18.794 [error] <0.13199.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_2' started with extauth:start_link('extauth_pool_aho.we1.cloud_2', "/opt/xmpp-cloud-auth/xcauth.py") at <0.13216.7> exit with reason reached_max_restart_intensity in context shutdown
2019-07-25 09:03:18.794 [error] <0.427.0> Supervisor ejabberd_backend_sup had child 'extauth_pool_aho.we1.cloud' started with extauth_sup:start_link(<<"aho.we1.cloud">>, "/opt/xmpp-cloud-auth/xcauth.py", 'extauth_pool_aho.we1.cloud') at <0.13199.7> exit with reason shutdown in context child_terminated

[deusoz]

no apparmor

[deusoz]

httpd error log:

[Wed Jul 24 02:15:43.324796 2019] [auth_digest:notice] [pid 515] AH01757: generating secret for digest authentication ...
[Wed Jul 24 02:15:43.329447 2019] [ssl:warn] [pid 515] AH01909: RSA certificate configured for localhost.localdomain:443 does NOT include an ID which matches the server name
[Wed Jul 24 02:15:43.535080 2019] [mpm_prefork:notice] [pid 515] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.3.7 configured -- resuming normal operations
[Wed Jul 24 02:15:43.535114 2019] [core:notice] [pid 515] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Jul 24 10:00:49.082120 2019] [proxy_fcgi:error] [pid 809] [client 198.23.215.246:44506] AH01068: Got bogus version 113
[Wed Jul 24 10:25:56.634569 2019] [proxy_fcgi:error] [pid 815] [client 198.23.215.246:58106] AH01068: Got bogus version 78
[Wed Jul 24 10:25:56.853344 2019] [proxy_fcgi:error] [pid 12701] [client 198.23.215.246:58168] AH01068: Got bogus version 97
[Wed Jul 24 10:31:23.478189 2019] [proxy_fcgi:error] [pid 4111] [client 198.23.215.246:33258] AH01068: Got bogus version 113
[Wed Jul 24 23:49:46.055863 2019] [proxy_fcgi:error] [pid 31347] [client 198.23.215.246:45124] AH01068: Got bogus version 97
[Wed Jul 24 23:49:46.212270 2019] [proxy_fcgi:error] [pid 30707] [client 198.23.215.246:45128] AH01068: Got bogus version 105
[Thu Jul 25 00:01:48.881385 2019] [proxy_fcgi:error] [pid 1004] [client 198.23.215.246:60068] AH01068: Got bogus version 113
[Thu Jul 25 00:35:07.693389 2019] [proxy_fcgi:error] [pid 13253] [client 198.23.215.246:47990] AH01068: Got bogus version 97
[Thu Jul 25 00:47:14.818279 2019] [proxy_fcgi:error] [pid 13272] [client 198.23.215.246:59894] AH01068: Got bogus version 28
[Thu Jul 25 00:47:15.245288 2019] [proxy_fcgi:error] [pid 32204] [client 198.23.215.246:59898] AH01068: Got bogus version 105
[Thu Jul 25 00:47:15.835956 2019] [proxy_fcgi:error] [pid 12242] [client 198.23.215.246:59896] AH01068: Got bogus version 97

[deusoz]

I notice other parts of ejabberd error log have this as well:

2019-07-25 09:55:49.775 [error] <0.31299.7>@extauth:handle_info:153 External authentication program '/opt/xmpp-cloud-auth/xcauth.py' has terminated unexpectedly (pid=5073), restarting via supervisor...
2019-07-25 09:55:49.776 [error] <0.31294.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_5' started with extauth:start_link('extauth_pool_aho.we1.cloud_5', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31299.7> exit with reason normal in context child_terminated
2019-07-25 09:55:49.777 [error] <0.31301.7>@extauth:handle_info:153 External authentication program '/opt/xmpp-cloud-auth/xcauth.py' has terminated unexpectedly (pid=5075), restarting via supervisor...
2019-07-25 09:55:49.778 [error] <0.31294.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_7' started with extauth:start_link('extauth_pool_aho.we1.cloud_7', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31301.7> exit with reason normal in context child_terminated
2019-07-25 09:55:50.134 [error] <0.31304.7>@extauth:handle_info:149 Failed to start external authentication program '/opt/xmpp-cloud-auth/xcauth.py'
2019-07-25 09:55:50.135 [error] <0.31294.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_4' started with extauth:start_link('extauth_pool_aho.we1.cloud_4', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31304.7> exit with reason normal in context child_terminated
2019-07-25 09:55:50.222 [error] <0.31306.7>@extauth:handle_info:149 Failed to start external authentication program '/opt/xmpp-cloud-auth/xcauth.py'
2019-07-25 09:55:50.224 [error] <0.31294.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_7' started with extauth:start_link('extauth_pool_aho.we1.cloud_7', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31306.7> exit with reason normal in context child_terminated
2019-07-25 09:55:50.547 [error] <0.31303.7>@extauth:handle_info:149 Failed to start external authentication program '/opt/xmpp-cloud-auth/xcauth.py'
2019-07-25 09:55:50.548 [error] <0.31294.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_6' started with extauth:start_link('extauth_pool_aho.we1.cloud_6', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31303.7> exit with reason normal in context child_terminated
2019-07-25 09:55:50.637 [error] <0.31308.7>@extauth:handle_info:149 Failed to start external authentication program '/opt/xmpp-cloud-auth/xcauth.py'
2019-07-25 09:55:50.637 [error] <0.31294.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_7' started with extauth:start_link('extauth_pool_aho.we1.cloud_7', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31308.7> exit with reason normal in context child_terminated
2019-07-25 09:55:50.730 [error] <0.31305.7>@extauth:handle_info:149 Failed to start external authentication program '/opt/xmpp-cloud-auth/xcauth.py'
2019-07-25 09:55:50.730 [error] <0.31294.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_5' started with extauth:start_link('extauth_pool_aho.we1.cloud_5', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31305.7> exit with reason normal in context child_terminated
2019-07-25 09:55:50.731 [error] <0.31294.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_5' started with extauth:start_link('extauth_pool_aho.we1.cloud_5', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31305.7> exit with reason reached_max_restart_intensity in context shutdown
2019-07-25 09:55:50.732 [error] <0.427.0> Supervisor ejabberd_backend_sup had child 'extauth_pool_aho.we1.cloud' started with extauth_sup:start_link(<<"aho.we1.cloud">>, "/opt/xmpp-cloud-auth/xcauth.py", 'extauth_pool_aho.we1.cloud') at <0.31294.7> exit with reason shutdown in context child_terminated
2019-07-25 09:55:51.317 [error] <0.31312.7>@extauth:handle_info:149 Failed to start external authentication program '/opt/xmpp-cloud-auth/xcauth.py'
2019-07-25 09:55:51.318 [error] <0.31311.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_1' started with extauth:start_link('extauth_pool_aho.we1.cloud_1', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31312.7> exit with reason normal in context child_terminated
2019-07-25 09:55:51.820 [error] <0.31314.7>@extauth:handle_info:153 External authentication program '/opt/xmpp-cloud-auth/xcauth.py' has terminated unexpectedly (pid=5087), restarting via supervisor...
2019-07-25 09:55:51.821 [error] <0.31311.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_3' started with extauth:start_link('extauth_pool_aho.we1.cloud_3', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31314.7> exit with reason normal in context child_terminated
2019-07-25 09:55:51.868 [error] <0.31320.7>@extauth:handle_info:149 Failed to start external authentication program '/opt/xmpp-cloud-auth/xcauth.py'
2019-07-25 09:55:51.869 [error] <0.31311.7> Supervisor 'extauth_pool_aho.we1.cloud' had child 'extauth_pool_aho.we1.cloud_1' started with extauth:start_link('extauth_pool_aho.we1.cloud_1', "/opt/xmpp-cloud-auth/xcauth.py") at <0.31320.7> exit with reason normal in context child_terminated
2019-07-25 09:55:52.212 [error] <0.31321.7>@extauth:handle_info:149 Failed to start external authentication program '/opt/xmpp-cloud-auth/xcauth.py'

[zeigerpuppy]

I am having the same issue. xcauth works properly from the command line when executed with user permissions of ejabberd but fails to start as a child process. I have disabled the apparmor profile and the error continues to occur.

Setup:

• Debian 10 (no systemd) - I generally prefer to use SysVinit
  • ejabberd 18.12.1-2~bpo9+1 (from stretch backports)
• xcauth compiled from git (using make install)
  • (the debian package requires systemd which is why I manually compiled it)

ejabberd.yml auth config:

## Auth method (external to connect to Nextcloud)
auth_method: external
extauth_program: "/usr/sbin/xcauth"
auth_use_cache: false

I notice that the docs say that we may need a wrapper, xcauth.sh as the extauth_program due to library issues but this file is not available in the repository as far as I can see. Nor is it available from the xcauth.deb (I tried extracting it from the .deb)

Any ideas how to fix this issue?

ejabberd Log:

2019-08-11 20:35:49.146 [error] <0.616.0>@extauth:handle_info:149 Failed to start external authentication program '/usr/sbin/xcauth'
2019-08-11 20:35:49.146 [error] <0.615.0> Supervisor 'extauth_pool_mdm.server.net' had child 'extauth_pool_mdm.server.net_1' started with extauth:start_link('extauth_pool_mdm.server.net_1', "/usr/sbin/xcauth") at <0.616.0> exit with reason normal in context child_terminated
2019-08-11 20:35:49.230 [error] <0.619.0>@extauth:handle_info:149 Failed to start external authentication program '/usr/sbin/xcauth'
2019-08-11 20:35:49.231 [error] <0.618.0> Supervisor extauth_pool_localhost had child extauth_pool_localhost_1 started with extauth:start_link(extauth_pool_localhost_1, "/usr/sbin/xcauth") at <0.619.0> exit with reason normal in context child_terminated
2019-08-11 20:35:49.245 [error] <0.620.0>@extauth:handle_info:149 Failed to start external authentication program '/usr/sbin/xcauth'
2019-08-11 20:35:49.245 [error] <0.618.0> Supervisor extauth_pool_localhost had child extauth_pool_localhost_2 started with extauth:start_link(extauth_pool_localhost_2, "/usr/sbin/xcauth") at <0.620.0> exit with reason normal in context child_terminated
2019-08-11 20:35:49.570 [error] <0.621.0>@extauth:handle_info:149 Failed to start external authentication program '/usr/sbin/xcauth'
2019-08-11 20:35:49.571 [error] <0.615.0> Supervisor 'extauth_pool_mdm.server.net' had child 'extauth_pool_mdm.server.net_2' started with extauth:start_link('extauth_pool_mdm.server.net_2', "/usr/sbin/xcauth") at <0.621.0> exit with reason normal in context child_terminated

edit

• to clarify that this occurred on Debian Buster (10)

[lnjX]

I think I got the same problem after debian buster upgrade. I didn't find a solution and needed to restore the server backup with debian stretch.

[zeigerpuppy]

Looks like it's definitely an issue in Buster (I checked and the server it was not working on was running Buster). Looks like staying on Stretch is the way to go currently.

[MarcelWaldvogel]

Are there any error messages in /var/log/xcauth/*?

I also fixed #83 today, which was related to startup on newer versions of Debian/Ubuntu. Maybe updating hepls?